• Done software since 1999
• Degree in Computer Science
• Done a little hardware over the years
• About five years ago bought a Microchip PIC Kit
• The labs were cool and easy to get working
• Anything practical was difficult (low level assembly)
Defcon 17
• Bought all the hardware hacking village kits at Defcon 17
• Picked up an Arduino shortly after Defcon
• Was given a decent soldering iron
• Started building my own projects
Hardware hacking is daunting for many computer hackers
• Understanding all the electrical components and complex circuits
• Cost
• Steep learning curve for some languages used in electronics (i.e. assembly)
• Lack of good information and good community support for many devices
Microcontrollers mix hardware and software
• You can drop code on them instead of building complex circuits in some places
• You can reprogram them to be something else whenever you want
Arduinos
• Open-Source hardware platform
• All-in-one prototyping board
• Easy to learn language
• Free, Open Source IDE
• Strong Community Backing
• Cheap (around $30)
Kind of like the hardware equivalent of a scripting language
What’s an Arduino?
Arduino Duemilanove
• ATmega328p
• 14 Digital I/O pins (6 are PWM pins)
• 6 Analog pins
• 32 KB Flash
• 16 MHz
*Image source – Wikipedia.org Arduino
What else is an Arduino?
• Since it’s open source hardware there are many other versions of Arduino compatible boards
• Some boards are only IDE compatible, others are also pin compatible
Other Arduinos
• Arduino Mega
• Sparkfun’s Arduino Pro and Mini
• Evil Mad Scientist Diavolino
• Fio
• Teensy
• Freeduino
• Seeeduino
• Lilypad
• Ardweeny
• Bare bones
Arduino IDE
• Syntax Highlighting
• Compiles Code
• Uploads to the Arduino
• Serial console
Arduino Speak
Shield – components that fit on top of an Arduino
Sketch – Arduino code
.pde – Arduino code file type
Arduino Language
• Like C, but simpler
• Has methods for common tasks such as reading and writing to pins, serial, etc.
• Relatively easy to include external libraries
Sketch
• Define global variables and/or constants
• A setup function for things that must be run when the program first starts up
• A loop function the Arduino will loop through to run the program
• Any other user defined functions
Blink LED
int ledPin = 13;  // LED connected to digital pin 13

void setup() {
  pinMode(ledPin, OUTPUT);
}

void loop() {
  digitalWrite(ledPin, HIGH);  // set the LED on
  delay(1000);                 // wait for a second
  digitalWrite(ledPin, LOW);   // set the LED off
  delay(1000);                 // wait for a second
}
Google Trends
*Source Google Trends
Arduinos don't work for every project
• While they're pretty cheap they're expensive when you want to make a lot of devices
• Not incredibly powerful
• No parallel computing (have interrupts)
Using Available Shields
Many shields are available, including:
Using Shields: Xbee Shield
• 2.4 GHz
• 250 kbps max data rate
• 128 bit encryption
• From a few hundred feet to several miles in range
Xbees and Security
• Can be used for out of band communication
• Even though they run on 2.4 GHz it’s unlikely they’d be detected during a war driving assessment (not 802.11)
• Can reprogram your Arduino remotely using an Xbee
Ethernet Shield
• Can function as a client or server
• Up to 4 simultaneous connections
Xbee Shield and Ethernet Shield Together
• Place an Arduino on a network with an Xbee Shield and an Ethernet Shield to launch attacks on the network
• Xbee traffic will probably never be detected
• The device is small and may go unnoticed for long periods of time
Making your own Shields
• You can use Arduinos without doing shields, but it’s a good convention to follow
• It’s easy to make your own shields
• You can use a proto shield, custom PCB or multipurpose PCB
• You’ll need a soldering iron and possibly other tools
Serial
• Easy to use
• Arduino digital I/O pins 0 and 1 are hardware serial pins
• Other digital I/O pins can be software serial pins
• Example devices:
  • Parallax RFID Reader
  • GPS Units
  • LCDs
  • Various Integrated Circuits
I2C
• Easy to use
• Analog pins 4 and 5 are I2C pins
• I2C is a bus
• Can connect up to 128 devices
• Each device has its own address
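The addressing described above, as an added example that is not code from the original slides: a bus scan that probes each usable 7-bit address and records which ones acknowledge, the usual first step in finding out what sits on an unfamiliar I2C bus. It assumes the standard Arduino Wire library; `scanBus`, `isReservedAddress`, `wireProbe` and `simProbe` are names made up for this example, and the desktop branch uses a constructed simulated bus.

```cpp
// Added example (not from the original slides): I2C bus scan.
// Builds as an Arduino sketch, or on a desktop compiler against a simulated bus.
#include <stdint.h>
#ifdef ARDUINO
#include <Wire.h>
#endif

// 7-bit addressing gives 128 addresses; the I2C specification reserves
// 0x00-0x07 and 0x78-0x7F, so devices sit in 0x08-0x77.
bool isReservedAddress(uint8_t addr) {
  return addr < 0x08 || addr > 0x77;
}

// probe(addr) returns true when a device acknowledges addr.
// Stores responding addresses in found[] and returns how many were stored.
int scanBus(bool (*probe)(uint8_t), uint8_t *found, int maxFound) {
  int count = 0;
  for (uint8_t addr = 0; addr < 128; addr++) {
    if (isReservedAddress(addr)) continue;
    if (count < maxFound && probe(addr)) found[count++] = addr;
  }
  return count;
}

#ifdef ARDUINO
// Address-only write: endTransmission() returns 0 when the address was ACKed.
bool wireProbe(uint8_t addr) {
  Wire.beginTransmission(addr);
  return Wire.endTransmission() == 0;
}

void setup() {
  Serial.begin(9600);
  Wire.begin();  // join the bus as master (analog pin 4 = SDA, 5 = SCL)
  uint8_t found[16];
  int n = scanBus(wireProbe, found, 16);
  for (int i = 0; i < n; i++) {
    Serial.print("device at 0x");
    Serial.println(found[i], HEX);
  }
}

void loop() {}
#else
// Constructed test bus: answers at 0x50 and 0x68, plus reserved 0x03.
bool simProbe(uint8_t addr) {
  return addr == 0x03 || addr == 0x50 || addr == 0x68;
}
#endif
```

On the Arduino the results appear on the serial console at 9600 baud.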
Reverse Engineering Hardware using I2C and Serial
• Arduino can be connected to other devices that support I2C and/or Serial to try and determine how they work.
• Examples:
  • Connecting to serial pin on a Seagate hard drive
  • Connect to I2C bus of a Wii
GPS Tracking Device
• Uses a serial GPS unit
• Can log data to an SD card or broadcast it (i.e. Xbee or cellular).
• Used to track down stolen goods
• Used to see where people are going
Magnetic card reader and spoofer
• By connecting a magnetic stripe card reader to an Arduino you can read the data from the magnetic stripe card
• Using an electromagnet emulate a card swiping on a card reader
• This device could be used to read a magnetic stripe card, then spoof the data on a magnetic card
Simply Put
• Create an electromagnet
• Switch the polarity back and forth to make the reader think a card is being swiped
USB HID emulator
• Based on the AVR project V-USB
• Simple circuit, 3 resistors and 2 diodes
• Any computer thinks a USB keyboard has been connected, no drivers needed.
• Can be modified to emulate other USB devices (mouse, joystick)
Security Uses
• This device could be used to try and break out of a kiosk mode by trying every possible combination of keyboards.
• Connect it to a computer while the user is away, then after they come back and log in you could distract the user and have it issue commands while the user isn't paying attention (i.e. commands to create a user).